Of all the unsupported opcodes, 8B has had a lot of attention because it seems unpredictable. Even the same computer has been seen to act differently even with the same inputs.

Of all the unsupported opcodes, 8B has had a lot of attention because it seems unpredictable. Even the same computer has been seen to act differently even with the same inputs.

+

+

== Explanation ==

The reason is that this opcode connects the A register to SB (the Special Bus) at both input and output: in a sense, A is both read and written. Unlike the stack pointer, the A register is not designed to do that, and the result is a circuit configuration which behaves in an interesting way.

The reason is that this opcode connects the A register to SB (the Special Bus) at both input and output: in a sense, A is both read and written. Unlike the stack pointer, the A register is not designed to do that, and the result is a circuit configuration which behaves in an interesting way.

Revision as of 22:23, 16 January 2011

Of all the unsupported opcodes, 8B has had a lot of attention because it seems unpredictable. Even the same computer has been seen to act differently even with the same inputs.

Contents

Explanation

The reason is that this opcode connects the A register to SB (the Special Bus) at both input and output: in a sense, A is both read and written. Unlike the stack pointer, the A register is not designed to do that, and the result is a circuit configuration which behaves in an interesting way.

Note that our switch-level simulation tends to produce wired-AND behaviour: if two logic gates both drive the same wire, then either of them can drive it low. A real 6502 usually does the same, which is why 8B - often called XAA - will more or less AND together the three inputs: the X register, the A register, and the immediate operand.

Why more or less? Two reasons: the A register is fed back on itself, and because of an interaction with the RDY input.

The A register drives the SB directly, and bits 0 and 4 read SB directly. The other 6 bits read SB through the Decimal Adjust logic, which doesn't affect the logic value but does affect the timing, the logic thresholds and the drive strengths. Exactly what happens is an analogue problem, not a digital one, so it will depend on the exact model of CPU, the variations of chip manufacture, the power supply and the temperature. We can't even model this without knowing the transistor strengths and having some idea of the transistor parameters - which we can only guess at.

The RDY input is a more digital influence on the outcome. RDY is intended to stall the CPU during read accesses, so it can read from slow memory. As it happens, the 6502 samples the databus on every falling clock edge, and loads the IDL (Input Data Latch), and then drives into the target register. Normally, the final cycle is the one which counts, overwriting the stray external values. In some computers, RDY is used to stall the CPU while the bus is used for DMA, which means the bus contains data such as video data for several cycles, except the last. In the case of XAA, every cycle's data is ANDed into A, and this is why the final value of A changes even for the same values of operand, X and A.

Circuit Diagram

Here's an abridged circuit diagram. Note that bits 0 and 4 have direct A feedback whereas the other bits have indirect feedback. Note that phi1 is when A is written, but the preceding phi2 is when the operand is loaded and the two busses precharged high.

(Logic gate pullups shown as resistors, although in NMOS logic pullups are not usually depletion-mode transistors. They pull up to the positive rail. The pass transistors and precharges cannot pull up to the rail: they drop a threshold voltage. These considerations will affect an analogue analysis.)

Testing this opcode

This opcode has 3 bytes of input, supposing that we're not allowing RDY to stall the machine and add more operands. We have a test program which tests 256^3 combinations of inputs and compares the final A and the two affected flags against a model. We also have a few specific combinations we've used to characterise different chips.

describe or define the programs here

also mention the Java simulation which tests the robustness of the switch simulator results (against the order of evaluation)

Modelling this opcode

Mention and link to an emulator code fragment.

The base formula for XAA seens to be:

A = (A | magic) & X & imm

"magic" defines which bits of A shine through.

Tested CPUs

We collect here some results of testing this opcode on various CPUs from different manufacturers and in various computers.

~150k errors (1%) in full testsometimes bit 3 set, for example A=03 X=FF imm=FF results either in 03 or 0B in repeated tests

Rockwell

SALLY

8322

C014806-1211151-128322

Atari 800XL

Hias

00

-

no

~80k errors (0.5%) in full testsometimes bit 3 is set, but also bit 2 and 5 were set sometimesfor example A=5F or A=87 resulted in a set bit 3 (quite frequently), bit 5 (less frequently) or bit 2 (least frequent)only flipping from 0 to 1 observed, no flipping from 1 to 0

NCR

SALLY

8337

NCR C014806C-29F826948 S8737

Atari 800XE

Hias

00

-

yes

?

SALLY

?

C014806-35(C) ATARI 1980

Atari 65XE

Hias

00

-

no

This one is highly unstable and the formula seems to be more like A & X & (imm | 6E)when the CPU is cold A=FF X=FF imm=00 result in 46, later 66 and then 6E (when the CPU is warm)bit 0 often flips from 0 to 1, for example A=01 X=01 imm=0C results in 00 or 01 (01 occurring more frequently when the CPU is warm)Also bit 3 flipping from 1 to 0 was observed with A=09 X=E5 and imm=05 or 41 (result: 00 instead of 08)

Rockwell

SALLY

8328

C014806-1211151-120579 8328

Atari 130XE

Hias

00

-

yes

Synertek

SALLY

8324

C014806-038324

Atari 600XL

Hias

00

-

yes

Synertek

SALLY

8321

C014806-038321

Atari 600XL

Hias

00

-

no

~95k errors (0.6%) in full test, sometimes bit 3 was set

Synertek

SALLY

8407

C014806-038407

Atari 800XL

Hias

00

-

yes

Rockwell

?

8402

R6502APR6502-138407

BBC Model B

EdS

?

?

?

?

(*)Note: "stable" means that the formula, the "magic" value and the potential #4 clearing by RDY fully describe the behavior.